Security Audit
emelia-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
emelia-automation received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Dynamic Tool Discovery and Execution via Rube MCP" and "Dependency on External Rube MCP Platform".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Dynamic Tool Discovery and Execution via Rube MCP.** The skill's documentation encourages dynamic discovery of tools via `RUBE_SEARCH_TOOLS` and execution via `RUBE_MULTI_EXECUTE_TOOL`. It also explicitly mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. This design pattern grants the agent the ability to discover and execute a potentially wide range of operations within the Emelia toolkit without explicit, pre-defined tool access controls within the skill itself. The actual scope of these tools depends on the `rube` MCP and the Emelia toolkit, which are external dependencies. This broad access could lead to unintended actions if the agent is not properly constrained or if the underlying tools have sensitive capabilities. Recommendation: Implement stricter access controls or allow-lists for specific `tool_slug`s that the agent is permitted to use. Avoid using `RUBE_REMOTE_WORKBENCH` for general agent use unless its capabilities are severely restricted and audited. Ensure the `rube` MCP itself has granular permissioning and that the agent's access to `RUBE_SEARCH_TOOLS` is limited to only necessary use cases. | LLM | SKILL.md:38 |
| MEDIUM | **Dependency on External Rube MCP Platform.** The skill explicitly depends on the `rube` MCP (Managed Control Plane) hosted at `https://rube.app/mcp`, as indicated in the manifest and the setup instructions. The security and functionality of this skill are entirely reliant on the trustworthiness, availability, and security practices of the `rube.app` platform and the Composio ecosystem. There is no version pinning or specific integrity check mentioned for the MCP itself, meaning updates to the external platform could introduce changes or vulnerabilities without explicit notification within the skill package. Recommendation: Acknowledge the reliance on `rube.app/mcp` as a third-party dependency. For critical applications, consider self-hosting or using a trusted, audited instance of the MCP if available. Monitor the security advisories and release notes for `rube.app` and Composio to stay informed about potential security implications of updates. | LLM | Manifest:1 |